Certify’s security model

Certify follows standards-based security for all communication between Certify hospital Gateways and physician HealthDock™ appliances. Communication uses Hypertext Transfer Protocol Secure (HTTPS), with Secure Sockets Layer (SSL), and 128-bit, public and private key encryption.  Certify utilizes the following three levels of security protocols to ensure secure communication:

Level I
Information is only sent to an entity that is authorized to access it.  This is accomplished by requesting an x.509 certificate from the entity before beginning transmission.

Level II
Information from an entity that is not trusted will not be accepted.  The entity receiving the message will also verify the certificate of the entity transmitting the message.

Level III
Information being transmitted between two entities that have established mutual trust will not be accessible to any other entity during transmission.  When trust is established between the Certify gateway and HealthDock™, a private and public key pair is used to prevent the transmission from being intercepted by any servers that the message has to get past en route to the authorized recipient.  The Certify gateway and HealthDock™ each have a public and private key.  The public key is available to other entities through the x.509 certificate.  The private key is only known to the particular entity. 

HIPAA Compliance
Certify’s security model ensures HIPAA compliance is met.  No confidential data is preserved or stored in the Certify Gateway or HealthDock™.  Database and files use 128-bit public and private key encryption.   A complete, closed-loop audit trail is kept on both Gateway and HealthDock™, which features automated backup and restore capability, and secure user login with automatic logout due to inactivity.